Learn about our practice with privacy and data protection.

Jun 1, 2024

Privacy and data protection


1. FUTURUM CAPITAL ASSET MANAGEMENT LTD., a Brazilian limited company headquartered in the City of São Paulo, State of São Paulo, at Rua Girassol, No. 1033, room 10, Vila Madalena, ZIP code 05433-002, registered with CNPJ/ME under No. 48.818.002/0001-19 (“Futurum” or “Company”), is committed to the protection of the personal data of its clients, employees, partners, and third parties. This policy establishes how we manage, protect, and process personal data in accordance with the General Data Protection Law (LGPD - Law No. 13.709/2018).

2. Collection of Personal Data. We collect personal data from clients and service providers only for legitimate and specific purposes, as necessary for the provision of our services; when necessary for compliance with legal and regulatory obligations; when the data is necessary for the regular exercise of rights in judicial, administrative, or arbitration processes; and/or with the express consent of the data subject.

During navigation on our website, we may collect personal data indirectly through cookies and other similar technologies, some of which are strictly necessary for the website's operation. The data collected in this way may involve information about the device, access logs to the internet application (such as IP, date, and time), and duration of access in accordance with the Civil Framework of the Internet. Additionally, personal data may also be provided directly by the data subject by email, in person, or by phone for the purposes of contractual execution, compliance with legal obligation, and/or exercise of rights, with only data that is strictly necessary, adequate, and compatible with the purpose being shared.

3. Collected Data. The personal data collected includes, but is not limited to: name, address, CPF, financial information, and contact details.

4. Storage. Data processing is carried out in accordance with the principles of LGPD, ensuring transparency, purpose, and security. The data is stored securely on cloud servers protected by cybersecurity mechanisms, including firewalls, encryption, antivirus, and intrusion detection systems to protect our systems and data against unauthorized access and cyberattacks. The companies contracted for cloud server services perform regular backups of the data according to their respective policies.

5. Processing. Data processing is conducted following the principles of LGPD, ensuring transparency, purpose, and security. Processing is conducted by authorized employees directly related to the activity for which the data is intended, following standardized procedures. We regularly monitor access to and use of the data to detect and prevent violations.

6. Data Sharing. We share personal data with third parties only when necessary for the provision of services, compliance with legal obligations, or with the consent of the data subject. Personal data may be processed alongside public and private legal entities, both national and international, in the exercise of the professional management of securities portfolios, as well as for compliance with legal or regulatory obligations and/or the exercise of rights.

Futurum does not sell personal data under any circumstances.

7. Data Retention. We maintain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Specific retention periods are defined based on the nature of the data and legal requirements.

8. Data Deletion. When the data is no longer necessary, we implement secure procedures for the deletion of this data. We use deletion methods, such as the physical destruction of documents and the secure deletion of digital data, ensuring that the data cannot be recovered.

9. Rights of Data Subjects. Data subjects have, regarding their personal data, according to LGPD, the following rights:

  • Confirmation of the existence of the processing;

  • Access to the data;

  • Correction of incomplete, inaccurate, or outdated data;

  • Anonymization, blocking, or deletion of unnecessary, excessive data, or data processed in non-compliance with LGPD;

  • Portability of the data to another service or product provider, upon express request, in accordance with the national authority's regulation, maintaining commercial and industrial secrecy;

  • Deletion of personal data processed with consent from the data subject, except in cases of compliance with a legal or regulatory obligation by the controller; studies by a research body; transfer to a third party, provided that the data processing requirements established in the General Data Protection Law are respected; or exclusive use by the controller, preventing access by third parties and provided that the data is anonymized;

  • Information about the public and private entities with which the controller shared data;

  • Information about the possibility of not providing consent and about the consequences of refusal; and

  • Revocation of consent, through a free and facilitated procedure, ratifying the treatments carried out under the authorization previously expressed.

Futurum uses technical and administrative measures capable of protecting your information and personal data. If you have any requests related to your personal data, we ask that you send a message to compliance@futurum.capital.

10. Third-Party Links. The Futurum Website contains links to other websites. Futurum is not responsible for the privacy practices or the content of such websites. If you follow a link to any of these third-party sites, they will have their own privacy notices, and you will need to review those notices before submitting any personal data to those third-party sites.

11. Incident Response. The Company uses firewalls and other monitoring mechanisms to identify suspicious activities, in addition to regularly reviewing system, network, and application logs to detect anomalies and signs of potential security incidents. Employees are instructed to report any suspicious activity or security incident to the Compliance Director. In the event of a security incident, the following procedures will be observed to identify, contain, eliminate incidents, and recover data effectively to minimize impacts:

a. Incident containment, by disconnecting compromised systems to prevent the spread of the incident and blocking access from compromised users to prevent additional unauthorized access;

b. Making backups of critical data before implementing changes for containment;

c. Applying security patches to vulnerable systems identified during the initial analysis;

d. Identifying the root cause through a detailed investigation, including attack vectors and vulnerabilities exploited;

e. Removing threats using security tools to remove identified malware or malicious code;

f. Correcting vulnerabilities;

g. Restoring data and systems from secure backups;

h. Conducting integrity testing of restored systems to ensure they are free from additional compromises; and

i. Notifying regulatory authorities and affected clients as required by legislation, including LGPD.

12. Updates. Futurum may modify this Privacy Policy from time to time.

13. Futurum is committed to protecting the personal data of its clients, employees, and partners, in accordance with LGPD. Our policies and procedures ensure the security, integrity, and confidentiality of the data, providing peace of mind and trust to our stakeholders. If you have any questions or need more information, please contact our Compliance Director.

Last updated on June 19, 2024.